Bug 1065026 - user namespace without setting UID Mappings. [NEEDINFO]
Summary: user namespace without setting UID Mappings.
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 22
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2014-02-13 17:38 UTC by Daniel Walsh
Modified: 2015-11-23 17:23 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-11-23 17:23:46 UTC
jforbes: needinfo?



Description Daniel Walsh 2014-02-13 17:38:53 UTC
Aris asked me to open a bug on this.  Basically we would like to use user namespace with just the NS_capability separation and not the UID Mappings.

Does user namespacing work if you just set UID=0 inside the container to UID=0 outside of the container?

Comment 1 Josh Boyer 2014-02-13 18:55:51 UTC
Is this just letting only root create user namespaces?  If so, I believe we already do that by carrying a patch we worked through with bug 917708.  If not, could you maybe clarify what the end goal is a bit more?

Comment 2 Daniel Walsh 2014-02-13 19:15:28 UTC
Yes root is only allowed to create this namespace, but this is a little different.  I want to make sure it is ok to assign 0 to 0 in the mapping.

Maybe I should have assigned to RHEL7 rather than Fedora.  Although we want it in both places.

Basically after you set up a user namespace you can set up a mapping between users on the host and users within the namespace.

UID-0 in the namespace == UID-5000 outside.

I want to make sure the kernel does the right thing if

UID-0 inside == UID-0 outside.  Drop capabilities but allow the mapping.
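
For reference when reading the mappings discussed in comment 2, an added example (not part of the bug report or any Fedora kernel code) that parses the uid_map format documented in user_namespaces(7), one "inside outside length" extent per line, and reports whether root in the namespace is UID 0 in the parent namespace. The function names and sample maps are constructed for illustration.

```c
/* Added example: interpret /proc/<pid>/uid_map text.
 * Each line is an extent: "ID-inside-ns ID-outside-ns length". */
#include <stdio.h>
#include <string.h>

#define UID_UNMAPPED (-1L)

/* Translate a UID seen inside the namespace to the UID in the parent
 * namespace. Returns UID_UNMAPPED if no extent covers it. */
long map_uid_to_parent(const char *uid_map, unsigned long inside_uid)
{
    const char *p = uid_map;
    while (p && *p) {
        unsigned long in, out, len;
        if (sscanf(p, "%lu %lu %lu", &in, &out, &len) == 3 &&
            inside_uid >= in && inside_uid - in < len)
            return (long)(out + (inside_uid - in));
        p = strchr(p, '\n');          /* advance to the next extent line */
        if (p)
            p++;
    }
    return UID_UNMAPPED;
}

/* 1 if namespace root (UID 0) is the parent's UID 0: the "0 to 0" case. */
int root_is_identity_mapped(const char *uid_map)
{
    return map_uid_to_parent(uid_map, 0) == 0;
}

int main(void)
{
    /* Constructed sample maps, not captured from a real system. */
    const char *shifted  = "0 5000 1000\n";  /* UID-0 inside == UID-5000 outside */
    const char *identity = "0 0 1\n";        /* UID-0 inside == UID-0 outside */
    char self[256] = "";
    FILE *f = fopen("/proc/self/uid_map", "r");
    if (f) {
        size_t n = fread(self, 1, sizeof self - 1, f);
        self[n] = '\0';
        fclose(f);
    }
    printf("shifted:  ns uid 0 -> %ld\n", map_uid_to_parent(shifted, 0));
    printf("identity: ns uid 0 -> %ld\n", map_uid_to_parent(identity, 0));
    printf("this process: root identity-mapped = %d\n",
           root_is_identity_mapped(self));
    return 0;
}
```

A process whose uid_map makes root_is_identity_mapped() return 1 relies entirely on the capability separation of the user namespace, since its UID 0 is the same UID 0 the parent namespace sees on files.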

Comment 3 Jaroslav Reznik 2015-03-03 15:28:53 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22

Comment 4 Justin M. Forbes 2015-10-20 19:40:45 UTC
*********** MASS BUG UPDATE **************

We apologize for the inconvenience.  There is a large number of bugs to go through and several of them have gone stale.  Due to this, we are doing a mass bug update across all of the Fedora 22 kernel bugs.

Fedora 22 has now been rebased to 4.2.3-200.fc22.  Please test this kernel update (or newer) and let us know if your issue has been resolved or if it is still present with the newer kernel.

If you have moved on to Fedora 23, and are still experiencing this issue, please change the version to Fedora 23.

If you experience different issues, please open a new bug report for those.

Comment 5 Fedora Kernel Team 2015-11-23 17:23:46 UTC
*********** MASS BUG UPDATE **************
This bug is being closed with INSUFFICIENT_DATA as there has not been a response in over 4 weeks. If you are still experiencing this issue, please reopen and attach the relevant data from the latest kernel you are running and any data that might have been requested previously.

